Masking the energy behaviour of encryption algorithms

H. Saputra, N. Vijaykrishnan, M. Kandemir, M. J. Irwin, R. Brooks

Research output: Contribution to journalArticle

8 Citations (Scopus)

Abstract

Smart cards are vulnerable to both invasive and noninvasive attacks. Specifically, noninvasive attacks using power and timing measurements to extract the cryptographic key have drawn a lot of negative publicity for smart card usage. The power measurement techniques rely on the data-dependent energy behaviour of the underlying system. Further, power analysis can be used to identify the specific portions of the program being executed to induce timing glitches that may in turn help to bypass key checking. Thus, it is important to mask the energy consumption when executing the encryption algorithms. The instruction set architecture of a simple five-stage pipelined smart card processor with secure instructions to mask the energy differences due to key-related data-dependent computations in DES and Rijndael encryptions is augmented. The secure versions operate on the normal and complementary versions of the operands simultaneously to mask the energy variations due to value-dependent operations. However, this incurs the penalty of increased overall energy consumption in the data-path components. Consequently, we employ secure versions of instructions only for critical operations; that is we use secure instructions selectively, as directed by an optimising compiler. Using a cycle-accurate energy simulator, the effectiveness of this enhancement is demonstrated. The approach achieves energy masking of critical operations, consuming 83% less energy compared to existing approaches employing dual rail circuits.

Original languageEnglish (US)
Pages (from-to)274-284
Number of pages11
JournalIEE Proceedings: Computers and Digital Techniques
Volume150
Issue number5 SPEC. ISS.
DOIs
StatePublished - Sep 1 2003

Fingerprint

Smart cards
Masking
Encryption
Cryptography
Masks
Smart Card
Energy utilization
Energy
Mask
Dependent Data
Energy Consumption
Rails
Timing
Simulators
Rijndael
Attack
Optimizing Compilers
Power Analysis
Networks (circuits)
Measurement Techniques

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Hardware and Architecture
  • Computational Theory and Mathematics

Cite this

Saputra, H. ; Vijaykrishnan, N. ; Kandemir, M. ; Irwin, M. J. ; Brooks, R. / Masking the energy behaviour of encryption algorithms. In: IEE Proceedings: Computers and Digital Techniques. 2003 ; Vol. 150, No. 5 SPEC. ISS. pp. 274-284.
@article{25969df97ef3400d8bcb0041fd1ff68c,
title = "Masking the energy behaviour of encryption algorithms",
abstract = "Smart cards are vulnerable to both invasive and noninvasive attacks. Specifically, noninvasive attacks using power and timing measurements to extract the cryptographic key have drawn a lot of negative publicity for smart card usage. The power measurement techniques rely on the data-dependent energy behaviour of the underlying system. Further, power analysis can be used to identify the specific portions of the program being executed to induce timing glitches that may in turn help to bypass key checking. Thus, it is important to mask the energy consumption when executing the encryption algorithms. The instruction set architecture of a simple five-stage pipelined smart card processor with secure instructions to mask the energy differences due to key-related data-dependent computations in DES and Rijndael encryptions is augmented. The secure versions operate on the normal and complementary versions of the operands simultaneously to mask the energy variations due to value-dependent operations. However, this incurs the penalty of increased overall energy consumption in the data-path components. Consequently, we employ secure versions of instructions only for critical operations; that is we use secure instructions selectively, as directed by an optimising compiler. Using a cycle-accurate energy simulator, the effectiveness of this enhancement is demonstrated. The approach achieves energy masking of critical operations, consuming 83{\%} less energy compared to existing approaches employing dual rail circuits.",
author = "H. Saputra and N. Vijaykrishnan and M. Kandemir and Irwin, {M. J.} and R. Brooks",
year = "2003",
month = "9",
day = "1",
doi = "10.1049/ip-cdt:20030832",
language = "English (US)",
volume = "150",
pages = "274--284",
journal = "IEE Proceedings: Computers and Digital Techniques",
issn = "1350-2387",
publisher = "Institute of Electrical Engineers",
number = "5 SPEC. ISS.",

}

Masking the energy behaviour of encryption algorithms. / Saputra, H.; Vijaykrishnan, N.; Kandemir, M.; Irwin, M. J.; Brooks, R.

In: IEE Proceedings: Computers and Digital Techniques, Vol. 150, No. 5 SPEC. ISS., 01.09.2003, p. 274-284.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Masking the energy behaviour of encryption algorithms

AU - Saputra, H.

AU - Vijaykrishnan, N.

AU - Kandemir, M.

AU - Irwin, M. J.

AU - Brooks, R.

PY - 2003/9/1

Y1 - 2003/9/1

N2 - Smart cards are vulnerable to both invasive and noninvasive attacks. Specifically, noninvasive attacks using power and timing measurements to extract the cryptographic key have drawn a lot of negative publicity for smart card usage. The power measurement techniques rely on the data-dependent energy behaviour of the underlying system. Further, power analysis can be used to identify the specific portions of the program being executed to induce timing glitches that may in turn help to bypass key checking. Thus, it is important to mask the energy consumption when executing the encryption algorithms. The instruction set architecture of a simple five-stage pipelined smart card processor with secure instructions to mask the energy differences due to key-related data-dependent computations in DES and Rijndael encryptions is augmented. The secure versions operate on the normal and complementary versions of the operands simultaneously to mask the energy variations due to value-dependent operations. However, this incurs the penalty of increased overall energy consumption in the data-path components. Consequently, we employ secure versions of instructions only for critical operations; that is we use secure instructions selectively, as directed by an optimising compiler. Using a cycle-accurate energy simulator, the effectiveness of this enhancement is demonstrated. The approach achieves energy masking of critical operations, consuming 83% less energy compared to existing approaches employing dual rail circuits.

AB - Smart cards are vulnerable to both invasive and noninvasive attacks. Specifically, noninvasive attacks using power and timing measurements to extract the cryptographic key have drawn a lot of negative publicity for smart card usage. The power measurement techniques rely on the data-dependent energy behaviour of the underlying system. Further, power analysis can be used to identify the specific portions of the program being executed to induce timing glitches that may in turn help to bypass key checking. Thus, it is important to mask the energy consumption when executing the encryption algorithms. The instruction set architecture of a simple five-stage pipelined smart card processor with secure instructions to mask the energy differences due to key-related data-dependent computations in DES and Rijndael encryptions is augmented. The secure versions operate on the normal and complementary versions of the operands simultaneously to mask the energy variations due to value-dependent operations. However, this incurs the penalty of increased overall energy consumption in the data-path components. Consequently, we employ secure versions of instructions only for critical operations; that is we use secure instructions selectively, as directed by an optimising compiler. Using a cycle-accurate energy simulator, the effectiveness of this enhancement is demonstrated. The approach achieves energy masking of critical operations, consuming 83% less energy compared to existing approaches employing dual rail circuits.

UR - http://www.scopus.com/inward/record.url?scp=0345358578&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0345358578&partnerID=8YFLogxK

U2 - 10.1049/ip-cdt:20030832

DO - 10.1049/ip-cdt:20030832

M3 - Article

AN - SCOPUS:0345358578

VL - 150

SP - 274

EP - 284

JO - IEE Proceedings: Computers and Digital Techniques

JF - IEE Proceedings: Computers and Digital Techniques

SN - 1350-2387

IS - 5 SPEC. ISS.

ER -